We do not have a ticket for it (since we were not affected). I think I am against reporting CVEs from dependencies where our software is not affected. It just adds "noise". I would prefer when we have a security vulnerability section that everyone take it seriously and upgrade....
What do you think? Jody On Sat, Oct 22, 2022 at 3:01 AM Ian Turton <ijtur...@gmail.com> wrote: > Do we want to mention the CVE-2022-42889 > <https://nvd.nist.gov/vuln/detail/CVE-2022-42889> vulnerability, that > doesn't actually affect us and is now patched anyway? > > Ian > > On Sat, 22 Oct 2022 at 04:52, Jody Garnett <jody.garn...@gmail.com> wrote: > >> Here is draft blog post while we wait for build process: >> https://github.com/geoserver/geoserver.github.io/pull/135 >> >> Okay, gather the bits for release: >> >> - Security hiding layer groups: >> https://github.com/geoserver/geoserver/pull/6290 (done) >> - Windows installer needs assembly changes backport >> https://github.com/geoserver/geoserver/pull/6291 (done) >> - aside: Noticed many of the assembles try and gather >> src/release/RELEASE_NOTES.txt >> >> <https://github.com/geoserver/geoserver/blob/2.13.x/src/release/RELEASE_NOTES.txt> >> ... which has not been present since 2.13.x >> - Did a round up of other backports, we should be good ... >> >> -- >> Jody Garnett >> >> >> On Thu, 20 Oct 2022 at 07:17, Jody Garnett <jody.garn...@gmail.com> >> wrote: >> >>> With the RC out of the way; I still have some customers waiting on a >>> stable release for security improvements. >>> >>> Is it okay if I make a 2.21.x release? That way we still get a stable >>> release for October here. >>> >>> Jody >>> -- >>> -- >>> Jody Garnett >>> >> _______________________________________________ > > >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> > > > -- > Ian Turton > -- -- Jody Garnett
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
